The Internet has been widely accepted as a useful source of information and means for communication. However, the openness and flexibility of the Internet have fostered undesirable activities such as Denial-of-Service (DoS) attacks, Distributed DoS (DDoS) attacks, Internet Protocol (IP) address spoofing, unsolicited commercial email (spam), and malicious traffic sent with harmful intent. One of the most fundamental of such undesirable activities is DoS, in which the network layer of the Open Systems Interconnection (OSI) model is affected. In a DoS attack, malicious traffic is directed toward a targeted system in the network. The targeted system has to expend some or all of its available resources (memory, bandwidth, time, etc.) to provide services to the malicious traffic. As a result, the targeted system is unable to provide services to the more desirable data traffic because of the scarcity of remaining resources.
Various solutions have been proposed to reduce DoS attacks in a network. These solutions can be categorized into two broad categories, namely, end host-based and router-based.
Conventional end host-based solutions involve recognizing and discarding DoS traffic as and when it arrives at its destination. Such solutions may consume resources such as bandwidth and Central Processing Unit (CPU) cycles at the destination to process the entire volume of DoS traffic received there, and hence such solutions unduly burden the destination.
One class of conventional router-based solutions involves the configuration of certain routers in the network to detect and filter DoS traffic. This solution requires updating and replacing routers, which may increase the cost of setting up the network. Another conventional router-based solution involves pushing back the process of detection and filtering to upstream routers, i.e., toward the originating source of the DoS traffic. However, such solutions do not enable reliable identification of the originating source of a data packet, and hence are unable to solve the problem completely.
Accordingly, there is a continuing need for achieving reliable identification of, and defensibility against, undesirable traffic in a network.